Fatal trap 12: page fault while in kernel mode, No vmcore

KDB: debugger backends: ddb
KDB: current backend: ddb
---<<BOOT>>---
Copyright (c) 1992-2022 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.0-CURRENT #6 main-n255677-71fe907dfb03c-dirty: Wed May 18 22:31:31 CEST 2022
    pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO amd64
FreeBSD clang version 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303)
WARNING: WITNESS option enabled, expect reduced performance.
WARNING: DIAGNOSTIC option enabled, expect reduced performance.
VT(vga): resolution 640x480
CPU: Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (3500.08-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x306f2  Family=0x6  Model=0x3f  Stepping=2
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x7ffefbff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x21<LAHF,ABM>
  Structured Extended Features=0x37ab<FSGSBASE,TSCADJ,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,NFPUSG>
  XSAVE Features=0x1<XSAVEOPT>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
real memory  = 34359738368 (32768 MB)
avail memory = 33176645632 (31639 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <SUPERM SMCI--MB>
FreeBSD/SMP: Multiprocessor System Detected: 12 CPUs
FreeBSD/SMP: 1 package(s) x 6 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-23
ioapic1 <Version 2.0> irqs 24-47
Launching APs: 1 11 6 9 8 2 7 4 10 5 3
random: entropy device external interface
kbd1 at kbdmux0
vtvga0: <VT VGA driver>
smbios0: <System Management BIOS> at iomem 0xf0560-0xf057e
smbios0: Version: 2.8, BCD Revision: 2.7
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS>
acpi0: <SUPERM SMCI--MB>
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
dmar0: <DMA remap> iomem 0xfbffc000-0xfbffcfff on acpi0
atrtc0: <AT realtime clock> port 0x70-0x71,0x74-0x77 irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 350
Event timer "HPET1" frequency 14318180 Hz quality 340
Event timer "HPET2" frequency 14318180 Hz quality 340
Event timer "HPET3" frequency 14318180 Hz quality 340
Event timer "HPET4" frequency 14318180 Hz quality 340
Event timer "HPET5" frequency 14318180 Hz quality 340
Event timer "HPET6" frequency 14318180 Hz quality 340
Event timer "HPET7" frequency 14318180 Hz quality 340
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
pcib0: <ACPI Host-PCI bridge> on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <dasp, performance counters> at device 11.1 (no driver attached)
pci0: <dasp, performance counters> at device 11.2 (no driver attached)
pci0: <dasp, performance counters> at device 16.1 (no driver attached)
pci0: <dasp, performance counters> at device 16.6 (no driver attached)
pci0: <dasp, performance counters> at device 18.1 (no driver attached)
acpi_syscontainer0: <System Container> on acpi0
acpi_syscontainer1: <System Container> on acpi0
acpi_syscontainer2: <System Container> on acpi0
acpi_syscontainer3: <System Container> on acpi0
apei0: <ACPI Platform Error Interface> on acpi0
pcib1: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci1: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> irq 26 at device 1.0 on pci1
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 32 at device 2.0 on pci1
pci3: <ACPI PCI bus> on pcib3
pci3: <network, ethernet> at device 0.0 (no driver attached)
pci3: <network, ethernet> at device 0.1 (no driver attached)
pcib4: <ACPI PCI-PCI bridge> irq 40 at device 3.0 on pci1
pci4: <ACPI PCI bus> on pcib4
pci1: <unknown> at device 17.0 (no driver attached)
ahci0: <Intel Wellsburg AHCI SATA controller> port 0xf110-0xf117,0xf100-0xf103,0xf0f0-0xf0f7,0xf0e0-0xf0e3,0xf020-0xf03f mem 0xfb438000-0xfb4387ff irq 16 at device 17.4 on pci1
unknown: dmar0 pci0:0:20:0 rid a0 domain 0 mgaw 48 agaw 48 re-mapped
unknown: dmar0 pci0:0:26:0 rid d0 domain 1 mgaw 48 agaw 48 re-mapped
unknown: dmar0 pci0:0:29:0 rid e8 domain 2 mgaw 48 agaw 48 re-mapped
ahci0: dmar0 pci0:0:17:4 rid 8c domain 3 mgaw 48 agaw 48 re-mapped
ahci0: AHCI v1.30 with 4 6Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ahcich2: <AHCI channel> at channel 2 on ahci0
ahcich3: <AHCI channel> at channel 3 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
xhci0: <Intel Wellsburg USB 3.0 controller> mem 0xfb400000-0xfb40ffff irq 19 at device 20.0 on pci1
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pci1: <simple comms> at device 22.0 (no driver attached)
pci1: <simple comms> at device 22.1 (no driver attached)
ehci0: <Intel Wellsburg USB 2.0 controller> mem 0xfb434000-0xfb4343ff irq 18 at device 26.0 on pci1
usbus1: EHCI version 1.0
usbus1 on ehci0
usbus1: 480Mbps High Speed USB v2.0
pcib5: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci1
pci5: <ACPI PCI bus> on pcib5
pcib6: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci1
pci6: <ACPI PCI bus> on pcib6
pcib7: <ACPI PCI-PCI bridge> at device 0.0 on pci6
pci7: <ACPI PCI bus> on pcib7
vgapci0: <VGA-compatible display> port 0xe000-0xe07f mem 0xfa000000-0xfaffffff,0xfb000000-0xfb01ffff irq 18 at device 0.0 on pci7
vgapci0: Boot video device
pcib8: <ACPI PCI-PCI bridge> irq 16 at device 28.4 on pci1
pci8: <ACPI PCI bus> on pcib8
igb0: <Intel(R) I350 (Copper)> port 0xd020-0xd03f mem 0xfb320000-0xfb33ffff,0xfb344000-0xfb347fff irq 16 at device 0.0 on pci8
igb0: EEPROM V1.63-0 eTrack 0x800009fa
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: queue equality override not set, capping rx_queues at 6 and tx_queues at 6
igb0: Using 6 RX queues 6 TX queues
igb0: Using MSI-X interrupts with 7 vectors
igb0: dmar0 pci0:7:0:0 rid 700 domain 4 mgaw 48 agaw 48 re-mapped
igb0: Ethernet address: 0c:c4:7a:a8:cd:da
igb0: netmap queues/slots: TX 6/1024, RX 6/1024
igb1: <Intel(R) I350 (Copper)> port 0xd000-0xd01f mem 0xfb300000-0xfb31ffff,0xfb340000-0xfb343fff irq 17 at device 0.1 on pci8
igb1: EEPROM V1.63-0 eTrack 0x800009fa
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: queue equality override not set, capping rx_queues at 6 and tx_queues at 6
igb1: Using 6 RX queues 6 TX queues
igb1: Using MSI-X interrupts with 7 vectors
igb1: dmar0 pci0:7:0:1 rid 701 domain 5 mgaw 48 agaw 48 re-mapped
igb1: Ethernet address: 0c:c4:7a:a8:cd:db
igb1: netmap queues/slots: TX 6/1024, RX 6/1024
ehci1: <Intel Wellsburg USB 2.0 controller> mem 0xfb433000-0xfb4333ff irq 18 at device 29.0 on pci1
usbus2: EHCI version 1.0
usbus2 on ehci1
usbus2: 480Mbps High Speed USB v2.0
isab0: <PCI-ISA bridge> at device 31.0 on pci1
isa0: <ISA bus> on isab0
ahci1: <Intel Wellsburg AHCI SATA controller> port 0xf070-0xf077,0xf060-0xf063,0xf050-0xf057,0xf040-0xf043,0xf000-0xf01f mem 0xfb432000-0xfb4327ff irq 16 at device 31.2 on pci1
ahci1: dmar0 pci0:0:31:2 rid fa domain 6 mgaw 48 agaw 48 re-mapped
ahci1: AHCI v1.30 with 6 6Gbps ports, Port Multiplier not supported
ahcich4: <AHCI channel> at channel 0 on ahci1
ahcich5: <AHCI channel> at channel 1 on ahci1
ahcich6: <AHCI channel> at channel 2 on ahci1
ahcich7: <AHCI channel> at channel 3 on ahci1
ahcich8: <AHCI channel> at channel 4 on ahci1
ahcich9: <AHCI channel> at channel 5 on ahci1
ahciem1: <AHCI enclosure management bridge> on ahci1
acpi_button0: <Power Button> on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
uart1: console (115200,n,8,1)
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xcb000-0xcbfff pnpid ORM0000 on isa0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
NULL mp in getnewvnode(9), tag crossmp
Timecounter "TSC-low" frequency 1749998370 Hz quality 1000
Timecounters tick every 1.000 msec
Kernel page fault with the following non-sleepable locks held:
exclusive rw vm object (vm object) r = 0 (0xfffff80004837b58) locked @ x86/iommu/intel_idpgtbl.c:550
exclusive sleep mutex AHCI channel lock (AHCI channel lock) r = 0 (0xfffffe003ce28400) locked @ kern/kern_mutex.c:211
stack backtrace:
#0 0xffffffff80c85445 at witness_debugger+0x65
#1 0xffffffff80c8659a at witness_warn+0x3ea
#2 0xffffffff810fcce6 at trap_pfault+0x86
#3 0xffffffff810cdc18 at calltrap+0x8
#4 0xffffffff81078e7e at iommu_gas_map+0x15e
#5 0xffffffff81077339 at iommu_bus_dmamap_load_something+0x119
#6 0xffffffff81076995 at iommu_bus_dmamap_load_buffer+0x1c5
#7 0xffffffff80c55a3e at _bus_dmamap_load_ccb+0x20e
#8 0xffffffff80c557cc at bus_dmamap_load_ccb+0x8c
#9 0xffffffff803929d9 at xpt_run_devq+0x2f9
#10 0xffffffff80395de7 at xpt_release_simq+0x67
#11 0xffffffff80c3027a at softclock_call_cc+0x15a
#12 0xffffffff80c31b96 at softclock_thread+0xc6
#13 0xffffffff80bc9850 at fork_exit+0x80
#14 0xffffffff810cec8e at fork_trampoline+0xe


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address	= 0x30
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff810acafb
stack pointer	        = 0x28:0xfffffe00e49bea30
frame pointer	        = 0x28:0xfffffe00e49bead0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2 (clock (0))
trap number		= 12
panic: page fault
cpuid = 3
time = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00e49be7f0
vpanic() at vpanic+0x17f/frame 0xfffffe00e49be840
panic() at panic+0x43/frame 0xfffffe00e49be8a0
trap_fatal

KDB: reentering
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe003ce3af10
kdb_reenter() at kdb_reenter+0x2c/frame 0xfffffe003ce3af20
nmi_calltrap() at nmi_calltrap+0x8/frame 0xfffffe003ce3af20
--- trap 0x13, rip = 0xffffffff810c5d7a, rsp = 0xfffffe00e49be360, rbp = 0xfffffe00e49be3a0 ---
DELAY() at DELAY+0x7a/frame 0xfffffe00e49be3a0
read_kbd_data_no_wait() at read_kbd_data_no_wait+0x54/frame 0xfffffe00e49be3c0
atkbd_read_char() at atkbd_read_char+0xa9/frame 0xfffffe00e49be410
kbdmux_read_char() at kbdmux_read_char+0x1b8/frame 0xfffffe00e49be460
vtterm_cngetc() at vtterm_cngetc+0xbb/frame 0xfffffe00e49be490
cngetc() at cngetc+0x5c/frame 0xfffffe00e49be4b0
db_readline() at db_readline+0xf5/frame 0xfffffe00e49be4f0
db_read_line() at db_read_line+0x15/frame 0xfffffe00e49be500
db_command_loop() at db_command_loop+0x43/frame 0xfffffe00e49be510
db_trap() at db_trap+0xe6/frame 0xfffffe00e49be5a0
kdb_trap() at kdb_trap+0x14b/frame 0xfffffe00e49be610
trap() at trap+0x84a/frame 0xfffffe00e49be720
calltrap() at calltrap+0x8/frame 0xfffffe00e49be720
--- trap 0x3, rip = 0xffffffff80c60c42, rsp = 0xfffffe00e49be7f0, rbp = 0xfffffe00e49be7f0 ---
kdb_enter() at kdb_enter+0x32/frame 0xfffffe00e49be7f0
vpanic() at vpanic+0x1b0/frame 0xfffffe00e49be840
panic() at panic+0x43/frame 0xfffffe00e49be8a0
trap_fatal() at trap_fatal+0x385/frame 0xfffffe00e49be900
trap_pfault() at trap_pfault+0xab/frame 0xfffffe00e49be960
calltrap() at calltrap+0x8/frame 0xfffffe00e49be960
--- trap 0xc, rip = 0xffffffff810acafb, rsp = 0xfffffe00e49bea30, rbp = 0xfffffe00e49bead0 ---
domain_map_buf() at domain_map_buf+0x1eb/frame 0xfffffe00e49bead0
iommu_gas_map() at iommu_gas_map+0x15e/frame 0xfffffe00e49beb60
iommu_bus_dmamap_load_something() at iommu_bus_dmamap_load_something+0x119/frame 0xfffffe00e49bec10
iommu_bus_dmamap_load_buffer() at iommu_bus_dmamap_load_buffer+0x1c5/frame 0xfffffe00e49becb0
_bus_dmamap_load_ccb() at _bus_dmamap_load_ccb+0x20e/frame 0xfffffe00e49bed10
bus_dmamap_load_ccb() at bus_dmamap_load_ccb+0x8c/frame 0xfffffe00e49bed70
xpt_run_devq() at xpt_run_devq+0x2f9/frame 0xfffffe00e49bedd0
xpt_release_simq() at xpt_release_simq+0x67/frame 0xfffffe00e49bee00
softclock_call_cc() at softclock_call_cc+0x15a/frame 0xfffffe00e49beec0
softclock_thread() at softclock_thread+0xc6/frame 0xfffffe00e49beef0
fork_exit() at fork_exit+0x80/frame 0xfffffe00e49bef30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00e49bef30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
db> 

diff --git a/sys/dev/iommu/busdma_iommu.c b/sys/dev/iommu/busdma_iommu.c
index 99d47f0b6ede8..1729ba7d84ea3 100644
--- a/sys/dev/iommu/busdma_iommu.c
+++ b/sys/dev/iommu/busdma_iommu.c
@@ -584,7 +584,7 @@ iommu_bus_dmamap_load_something1(struct bus_dma_tag_iommu *tag,
 		}
 		buflen1 = buflen > tag->common.maxsegsz ?
 		    tag->common.maxsegsz : buflen;
-		size = round_page(offset + buflen1);
+		size = round_page(buflen1);
 
 		/*
 		 * (Too) optimistically allow split if there are more
@@ -600,22 +600,7 @@ iommu_bus_dmamap_load_something1(struct bus_dma_tag_iommu *tag,
 		    gas_flags, ma + idx, &entry);
 		if (error != 0)
 			break;
-		if ((gas_flags & IOMMU_MF_CANSPLIT) != 0) {
-			KASSERT(size >= entry->end - entry->start,
-			    ("split increased entry size %jx %jx %jx",
-			    (uintmax_t)size, (uintmax_t)entry->start,
-			    (uintmax_t)entry->end));
-			size = entry->end - entry->start;
-			if (buflen1 > size)
-				buflen1 = size;
-		} else {
-			KASSERT(entry->end - entry->start == size,
-			    ("no split allowed %jx %jx %jx",
-			    (uintmax_t)size, (uintmax_t)entry->start,
-			    (uintmax_t)entry->end));
-		}
-		if (offset + buflen1 > size)
-			buflen1 = size - offset;
+		buflen1 = entry->end - entry->start;
 		if (buflen1 > tag->common.maxsegsz)
 			buflen1 = tag->common.maxsegsz;
 
Test scenario: boot w/ hw.dmao.enable=1